Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/3pLxmIIKEprhDM6EskZBJQID7-0.roa
File: 3pLxmIIKEprhDM6EskZBJQID7-0.roa (raw, json)
Hash identifier: 5HHdZAt+Z+X4KgorfLViTo1qXrzi4yFVThENumLgyrE=
Subject key identifier: DE:92:F1:98:82:0A:12:9A:E1:0C:CE:84:B2:46:41:25:02:03:EF:ED
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 019422FC28FB199D688F0E0686D464DFB808
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/3pLxmIIKEprhDM6EskZBJQID7-0.roa
Signing time: Wed 01 Jan 2025 17:48:58 +0000
ROA not before: Wed 01 Jan 2025 17:48:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 399130
IP address blocks: 45.150.168.0/22 maxlen: 24
45.151.196.0/22 maxlen: 24
193.31.104.0/22 maxlen: 24
195.138.109.0/24 maxlen: 24
195.138.110.0/24 maxlen: 24
195.138.113.0/24 maxlen: 24
195.138.115.0/24 maxlen: 24
195.138.117.0/24 maxlen: 24
195.138.119.0/24 maxlen: 24
195.138.121.0/24 maxlen: 24
195.138.123.0/24 maxlen: 24
195.138.124.0/24 maxlen: 24
195.138.125.0/24 maxlen: 24
195.138.126.0/24 maxlen: 24
195.138.127.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 06 Apr 2025 04:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fc:28:fb:19:9d:68:8f:0e:06:86:d4:64:df:b8:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jan 1 17:48:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=de92f198820a129ae10cce84b24641250203efed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:0a:5e:83:5d:2d:46:80:78:7e:82:c9:4c:46:
cd:1a:ce:b1:89:43:ec:41:c2:ec:5b:63:21:e6:5a:
4a:3c:3f:80:13:ff:2e:36:55:83:ef:81:89:13:eb:
3d:8d:ac:9c:36:d0:4b:e8:a8:94:79:9a:03:f5:b8:
68:80:9c:79:bf:a9:13:8a:ed:71:4a:7d:92:71:02:
48:5c:dc:d0:93:00:47:43:d8:a3:b0:e4:37:48:93:
9e:81:83:3c:b5:29:f0:21:ec:ba:db:9a:ae:80:0a:
7e:af:3f:c4:0c:a9:5c:47:7c:b4:88:c1:32:8f:50:
af:b3:d1:f0:42:ae:d4:bd:69:b6:50:bd:87:4d:db:
36:24:b8:eb:c0:69:14:34:15:3f:fc:75:9f:37:28:
2a:5d:72:98:42:19:1a:2f:51:4a:ea:47:f2:99:33:
9e:e6:c4:5a:04:9b:69:87:b2:15:4a:07:a8:cc:31:
9c:e5:36:68:ee:5b:98:3e:e4:75:1e:39:77:5a:d9:
38:4c:b3:b2:81:fe:a6:21:3b:6a:1b:05:b3:ed:d5:
70:5f:5b:b6:eb:28:f0:c9:79:f1:8f:ed:00:a5:af:
db:0e:82:50:56:a1:6f:e9:62:ff:0d:13:04:21:25:
82:3e:09:bb:ad:f8:c9:77:55:4f:fb:14:b2:09:97:
74:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:92:F1:98:82:0A:12:9A:E1:0C:CE:84:B2:46:41:25:02:03:EF:ED
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/3pLxmIIKEprhDM6EskZBJQID7-0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.168.0/22
45.151.196.0/22
193.31.104.0/22
195.138.109.0-195.138.110.255
195.138.113.0/24
195.138.115.0/24
195.138.117.0/24
195.138.119.0/24
195.138.121.0/24
195.138.123.0-195.138.127.255
Signature Algorithm: sha256WithRSAEncryption
3b:f7:b8:4b:8d:4c:0a:b9:2e:56:03:e1:66:04:dd:05:a2:1d:
ed:41:8e:7e:33:20:61:5b:1b:ad:7b:cf:06:1a:cf:58:5f:97:
51:cb:3e:f9:82:ed:e5:84:8e:7c:fc:d8:ce:8d:73:d8:49:64:
59:f9:5a:5b:71:80:0d:a7:94:03:b6:35:50:6a:66:d9:6d:59:
f7:1e:ca:0d:74:47:5f:03:4d:e1:55:89:0b:55:7a:17:f3:08:
ff:9f:ef:3d:4b:b0:bb:a2:18:5d:39:f2:52:3d:02:66:f2:ca:
cd:76:53:be:47:d8:d9:be:18:ce:ff:54:1b:4f:16:68:29:ae:
23:61:6e:8f:37:27:a2:4c:68:12:dc:94:80:4a:24:8c:65:6a:
88:65:04:3a:dd:7d:37:fd:ed:1c:79:a4:38:8f:d1:7e:66:dd:
b1:78:a6:0d:c8:c8:28:7a:f2:a3:6b:a2:54:4e:bb:d3:94:71:
49:41:df:a2:64:98:2e:ab:7b:a5:71:0f:7c:51:92:5f:79:2c:
52:3c:70:9d:b1:83:d9:ee:97:7e:28:23:c5:79:87:09:ce:ec:
a5:b2:8f:6c:f0:71:e9:f8:c9:ba:32:d7:c3:d3:21:ea:65:14:
6f:da:e2:b7:24:f4:a7:7e:ab:fc:ef:e7:2c:21:ec:d2:86:de:
44:f5:a9:cb
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZQi/Cj7GZ1ojw4GhtRk37gIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwMTAxMTc0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTkyZjE5ODgyMGExMjlhZTEwY2NlODRiMjQ2NDEyNTAyMDNlZmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Qpeg10tRoB4foLJTEbNGs6xiUPs
QcLsW2Mh5lpKPD+AE/8uNlWD74GJE+s9jaycNtBL6KiUeZoD9bhogJx5v6kTiu1x
Sn2ScQJIXNzQkwBHQ9ijsOQ3SJOegYM8tSnwIey625qugAp+rz/EDKlcR3y0iMEy
j1Cvs9HwQq7UvWm2UL2HTds2JLjrwGkUNBU//HWfNygqXXKYQhkaL1FK6kfymTOe
5sRaBJtph7IVSgeozDGc5TZo7luYPuR1Hjl3Wtk4TLOygf6mITtqGwWz7dVwX1u2
6yjwyXnxj+0Apa/bDoJQVqFv6WL/DRMEISWCPgm7rfjJd1VP+xSyCZd0fwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFN6S8ZiCChKa4QzOhLJGQSUCA+/tMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvM3BMeG1JSUtFcHJoRE02RXNrWkJKUUlENy0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQCLZaoAwQC
LZfEAwQCwR9oMAwDBADDim0DBADDim4DBADDinEDBADDinMDBADDinUDBADDincD
BADDinkwDAMEAMOKewMEB8OKADANBgkqhkiG9w0BAQsFAAOCAQEAO/e4S41MCrku
VgPhZgTdBaId7UGOfjMgYVsbrXvPBhrPWF+XUcs++YLt5YSOfPzYzo1z2ElkWfla
W3GADaeUA7Y1UGpm2W1Z9x7KDXRHXwNN4VWJC1V6F/MI/5/vPUuwu6IYXTnyUj0C
ZvLKzXZTvkfY2b4Yzv9UG08WaCmuI2FujzcnokxoEtyUgEokjGVqiGUEOt19N/3t
HHmkOI/RfmbdsXimDcjIKHryo2uiVE6705RxSUHfomSYLqt7pXEPfFGSX3ksUjxw
nbGD2e6XfigjxXmHCc7spbKPbPBx6fjJujLXw9Mh6mUUb9rityT0p36r/O/nLCHs
0obeRPWpyw==
-----END CERTIFICATE-----
Generated at Sat Apr 5 12:12:53 2025 by rpki-client